[Secure-testing-commits] r29587 - data/CVE
Kurt Roeckx
kroeckx at moszumanska.debian.org
Wed Oct 22 21:41:17 UTC 2014
Author: kroeckx
Date: 2014-10-22 21:41:17 +0000 (Wed, 22 Oct 2014)
New Revision: 29587
Modified:
data/CVE/list
Log:
CVE-2014-3566 is NOT about fallback SCSV, it's about poodle, like it already said.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-22 21:14:22 UTC (rev 29586)
+++ data/CVE/list 2014-10-22 21:41:17 UTC (rev 29587)
@@ -11023,10 +11023,17 @@
{DSA-3053-1}
- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- NOTE: openssl 1.0.1j-1 added SCSV
+ - openssl 1.0.1j-1
+ - nss <unfixed>
+ - gnutls26 <unfixed>
+ - gnutls28 <unfixed>
+ [wheezy] - iceweasel <unfixed>
+ [squeeze] - iceweasel <end-of-life>
+ [wheezy] - icedove <unfixed>
+ [squeeze] - icedove <end-of-life>
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
- NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack.
+ NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
NOTE: Fix is to disable SSLv3 in library or application configurations
CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...)
- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
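Review bot: the added `- openssl 1.0.1j-1` line under CVE-2014-3566 still records openssl as fixed in the version that the removed note described only as "added SCSV", while the updated NOTE in the same hunk says this CVE is not about support for the fallback SCSV and that the fix is to disable SSLv3. As written, the entry contradicts itself. Either mark openssl `<unfixed>` like the nss and gnutls lines added here, or add a NOTE stating what in 1.0.1j-1 justifies the fixed status. It would also help to add a short NOTE saying why the library and browser packages are tracked as `<unfixed>` when the stated fix is a configuration change, so later triagers know what would close them.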